Scott Goodwin pointed me to ns_encrypt, an AOLserver module available at sourceforge that will encrypt a string using des3, bf, idea, or public key mechanisms.
And of course the advantage is that it would not require a fork for each card procesed.
Did you manage to make ns_encrypt work fine? I can't seem to get it to encrypt/decrypt text larger than the key (which is the RSA limitation) but even using blowfish:
set ciphertext [ns_encrypt -blowfish -keysize 448 -public $original_text]
kills my AOLServer when sending a larger text (just a few hundred characters) with:
alloc: invalid block: 0x2a18c00: ef ef 0
Abort trap
Any luck with this? Or you ended up using OpenSSL?